How to tell whether a private key is password protected

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the unix category.

Last Updated: 2022-05-26

One obvious way (works generally: but not with openssh) is looking at the file and seeing the following header that states it is encrypted

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

Compare the above to the unencrypted version lacking that header

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA3qKD/4PAc6PMb1yCckTduFl5fA1OpURLR5Z+T4xY1JQt3eTM

However, a more fool-proof way is to run the code below. If you are asked for a password, it is protected. Otherwise it will print the public key to STDOUT (e.g. ssh-dds xyzabc123...)

ssh-keygen -y -f ~/.ssh/name_of_key